Event Listing: BCS CMSG Conference 2016

The BCS Configuration Management Special Interest Group are holding their annual conference in London on the 7th of June.

BCS

The theme of the conference is transitioning the future and the event will have three streams:

  • DevOps
  • Change Configuration & Release Management
  • SAM  Licensing & Strategy

This is the 11th conference run by the BCS CMG. The main conference objectives are to share experiences in how Configuration Management supports and enables Change Management in software development and ITIL Service Management. Software Asset Management (SAM) and licensing are critical to today’s organizations and the conference will detail new approaches and strategies to aid today’s practitioners. Best practices in adopting an integrated approach, and communicating and selling this to the rest of the organisation are essential elements.

The Conference will bring together managers and practitioners working across the service lifecycle (which incorporates the application lifecycle) together in an open forum.

 

Event Breakdown

What: The BCS CMSG Conference; Transitioning The Future

When: 7th June 2016 08:30 – 20:00

Where:  BCS, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA.

How To Book: Click Here

 

I’ll be one of the speakers at the conference (check out my session overview here) so if you’re attending the conference, come and say hi!

Configuration Management How To (Part 3)

Following on from our previous articles on Configuration Management, this week we’ll be taking a look at Status Accounting and Verification.

Status Accounting

5227436224_454c249643_o

Status Accounting is the part of the process responsible for recording and reporting the lifecycle of each configuration item; essentially making sure that each CI has a valid lifecycle status, accurately recorded in the CMS. The thing to remember about status accounting is that you can have all the statuses (statusi?) in the world but if you have too many, it will be a nightmare to maintain your data. Again, my advise would be to start small and then build up over time as your process matures. Some example Configuration Management statuses could include:

  • Purchased
  • In Test
  • In Pre production
  • In production
  • In repair
  • Spare
  • Disposed

Status Accounting ensures that all CIs that make up the service baseline or snapshot have been captured and that all Changes have been captured by Change Management and reflected in the CMS. I would also make the case that if a Change has failed or a planned Release CI has defects, then a Known Error (with a workaround if appropriate) should be raised and linked within the CMS.

Automated discovery tools make it easier to manage your estate; they can do in hours what it would take people days or even weeks to complete. If you don’t have a dedicated asset discovery tool could you use an existing tool such as SMS or Alteris (commonly used for deploying software releases)?

Verification & Audit

16811751576_ba60a74652_z (1)

Our final part of the Config process is to look at the activities responsible for ensuring that information in the CMS is accurate and that all configuration items have been identified and recorded.

Verification includes routine checks that are part of other processes – for example, verifying the serial number of a desktop PC when a user logs an Incident or checking that the version of software updated in a planned Change has been added to the CMS.

Audit is a periodic, formal check. Configuration audits generally include the following activities:

  • Defining audit schedule and procedures
  • Identifying who will perform the audits
  • Performing audits on the established baselines
  • Generating audit reports
  • Managing exceptions
  • Lessons Learned

When defining an audit schedule look to the rest of the business for guidance. Do you have any regulatory requirements such as SOX, BASEL 3, IL3 or NGN224 or any standard s such as ISO 20000 that need to be adhered to? If so, they will probably come with a defined audit cycle. When preparing for external audits, the best thing you can do is run an internal audit first so that you can correct any potential issues or at least come up with a plan to improve in the case of any major findings. Ideally, get someone from outside your department to carry out the audit as they will have a fresh perspective and there will be no room for bias (however unintentional).

Configuration audits will include a mixture of automated and physical checks on established service baselines. Once complete, the audit report will be generated summarising the results of the audit and highlighting any differences between the CMS and production CIs. In the event of discrepancies, a get well plan should be planned and acted on as soon as possible, perhaps with the support of your Problem Management team to understand the root cause and suggest actions to prevent further discrepancies. I would also suggest keeping a lessons learned log for Configuration Management and ensuring that it is updated and acted upon following all audit activity.

That’s our take on Status Accounting and Verification & Audits – what do you think? Let us know in the comments!

 

Image Credit
Image Credit

 

Configuration Management How To (Part 2)

Following on from our previous article, this week we’ll take a look at Configuration Management baselining and control.

Configuration Baselining

2561885967_f5f0be5834_z

First up we have the identification or baselining step in our Configuration Management process. This is a baselining process, taking a snapshot of our critical services and their key dependencies so that we know exactly what makes up the service. The purpose of a baseline is to take a measurable part of the service so that it can be added to a CMDB (Configuration Management Database) or CMS (Configuration Management System). As it’s a snapshot of the state of a service at a point in time, it can be used as part of Change Management as if the service has changed there will need to be a valid, authorised RFC against it as well as being a stable reference for future planned works.

So how do you carry out a baselining exercise in real life? My advice? Start with your most critical service. You know the one. The system that if there is even a hint of slowness or performance issues your Service Desk is inundated with calls and the angry mob are off out finding their flaming torches and pitchforks. That’s the one. Start by talking to everyone involved with the service from support teams to the business. If it requires third party support, consider asking your supplier for their guidance for what data should be captured in a CMS for example if you ever need to log a support call with them, what are the top ten things they will ask for?

Don’t try to capture too much data at first – you can always build things up later but if you try to go into too much detail when starting out you might run out of time and money. Also bear in mind, the more detail you capture, the more work it will be to maintain. As a starter for ten, here are some useful CI attributes to capture:

  • Unique Identifier
  • CI type eg server, network device, software package
  • Version Number
  • Support Details
  • Vendor Details
  • Licence Details
  • Purchase Date
  • Owner
  • Location
  • Warranty Details
  • Relationships to other CIs

You also don’t necessarily need an expensive tool – I used to work for a small bank during its UK start up and the IT budget was really tight. We desperately needed a CMS to support Incident and Change Management but didn’t have a tool. I went round to every support team and techie I could find and used a spreadsheet to build up a basic CMDB of our key services then created a business case over the following few months to demonstrate the benefits (I was able to demonstrate tangible reductions in Change failures and Incident resolution times) to secure funding for an ITSM tool that included a CMDB.

Remember any CMDB, no matter how basic, is better than nothing. If you are going down the spreadsheet route then talk to your techies. If discovery tools such as SMS or Alteris are in place then they could be used to help you build a basic CMDB.

Configuration Control

3812759931_8aa94e57bb_z

Configuration Control goes hand in hand with Configuration identification and baselining. Having control in place means that there is appropriate support in place to ensure that when a CI (Configuration Item) is updated, that the CMS is updated so that what you have in the CMS matches exactly what you have in your production environment. Nothing will make your Configuration Management process fail quicker than your CMS having incorrect or out of date information so control is a critical aspect of Configuration Management.

Work closely with Change Management to make sure your processes are aligned; for example you could put a process step in place where a Change can only be closed off as successful when the CMS is updated. Sounds basic I know but you would be amazed at how many times I’ve seen people forget to update documentation following Change activity so if you have it formally built in to the process, nothing can be missed or forgotten about. Also, if you’re not part of the CAB meeting, get yourself invited so you can add subject matter expertise around service relationships and dependencies during impact assessments.

Work with Change Management to consider putting Change freezes in place during key process points such as baselining or audit exercises so you’re not trying to hit a moving target. Believe me, there is nothing more stressful in an audit situation than having a last minute panic about the version information of a CI being up to date following a Release the previous night.

These are our top tips for Configuration baselining and control. What do you think? Let us know in the comments!

 

Image Credit

Image Credit

Configuration Management How To (Part 1)

Overview Of Service Asset & Configuration Management

Service Asset & Configuration Management (SACM) is the process responsible for ensuring that the assets required to deliver services are properly controlled, and that accurate and reliable information about those assets is available when and where it is needed. This information includes details of how the assets have been configured and the relationships between assets.

Done correctly, Configuration Management is a key enabler for resolving Incidents, identifying the root cause of Problems, impact assessing Changes and building the technical layer of a Service Catalogue. It’s also the process that tends to make people panic because of all the databases, information systems and scary terminology; so here is our panic free guide to Configuration Management. Configuration Management is made up of the following steps and we will look at each one in turn:

  • Planning
  • Identification (Baselining)
  • Control
  • Status Accounting
  • Verification


Configuration Planning

7802754212_0fd2e22154_zLet’s start with the basics. Configuration Management is one of those processes where you really, really need to have a plan. I’m not talking any old plan either; I’m talking Hannibal from the A Team level planning. Why is planning so important? One of the biggest reasons Configuration Management fails is because people try to do too much so setting the process scope is a key activity.

Let’s start with the inventory layer. Inventory Management takes care of consumables; keyboard, mice, USB sticks and SecureID cards. Stuff that needs to be tracked for monetary value and to make sure it’s in stock but that’s about it. The next layer is Asset Management. Examples of assets include PC’s, Laptops and printers. Stuff that we need to keep track of for monetary reasons, to make sure they’re in stock when needed, locational info and how they are supported. The final layer is Configuration Management. Items under the control of Configuration Management (CIs) are the big chunky items that make up your critical services. Servers, network devices and software applications should all be under the control of Configuration Management to make sure they are managed, supported and subject to the appropriate Change control.

The plan should also explain any naming conventions or nomenclature. Confused? Every CI or item that is under the control of Configuration Management should have a unique name or identifier. When I’m tasked with implementing a Configuration Management process from scratch I try to use a naming model that will make it easy for the CI to be identified so I tend to use the following:

Type of Service – Location – Level of Complexity

So a WinTel server based in Dublin requiring third line support would be WinTel1234 – DUB – L3 and a business spreadsheet located in London requiring first line support would be Exl-LON-L1 and so on. In terms of naming conventions; it doesn’t matter what framework you use, as long as everything has a unique identifier. When I worked for an investment bank in London, the naming convention was food based so all WinTel servers were named after Italian food, all UNIX servers were named after Chinese food. Another example is from a firm that I worked for in Reading; all WinTel servers were named after characters from Terry Pratchett books and all Network devices were named after monsters from ancient Greek mythology. Both worked really well and as an Incident Manager it was pretty hard to get stressed during a Major Incident when someone shouted Rincewind’s fallen over again!

The plan should include a reference section. When you’re building a CMDB you will be talking to support teams, service architects and project managers. Ensure that you capture the source of the information whether it be from a Service Catalogue, support documentation or even from SLAs so that it can be verified before it’s placed in your CMDB.

Does your organisation have a Configuration plan? Let us know in the comments!

 

ConfigEnterprise Service Management Webinar Module 3: CONFIGURATION MANAGEMENT

Don’t forget to join us for our 3rd webinar of the series – Configuration Management on 31st March, 2pm GMT. Register here!

 

Image Credit

Quick Guide to Knowledge Management

This quick guide has been contributed by Mike Simpson of CIH Solutions.

The guide discusses how Knowledge Management (KM) can be used to manage risk and control costs in an IT Service Management environment. The guide identifies four ‘hot spots’ based on the author’s experience and outlines common problems and suggests solutions using KM.

Introduction

Author: Mike Simpson, CIH Solutions
Author: Mike Simpson, CIH Solutions

As with most terms found in IT the term Knowledge Management means different things to different people. There is much available on the subject of KM and the term is often interchangeable with other terms such as intellectual capital, information management, data management and document management. In reality, KM embraces all of these.

So, what is my definition of KM in relation to an ITSM organisation?

First, this is not about scale. A KM system can operate just as effectively in a small organisation as a large enterprise. The principles remain the same – identifying, collating, storing and retrieving knowledge for use by all personnel in their day-to-day tasks. Also, this is not just about documents and data. When the experience of personnel is added into the mix we get Knowledge and this needs to be captured and stored for future use.

Second, from my experience the key feature of a KM system within an ITSM organisation is the understanding that different information has different values depending on circumstances. For me assigning value to information is vital and has priority over the capture of all available material.

At this point I should add that I do not differentiate between an MSP serving external clients and an internal IT service provider. The same KM principles apply. Also, the KM system described in this guide should be considered a ‘practical solution’ that can be implemented with limited resources and budget and extended over time.

I want to begin by briefly describing two KM systems that I have encountered in the course of my consultancy work.

Example One

I’ve seen only one truly outstanding example of an enterprise wide KM system and that was at a European pharmaceutical company. What struck me about this KM system was the sheer scale of the repository containing research papers, trials results and project documents covering decades of research amounting to many millions of pages and database entries. The success of this KM system was of course the strength of the underlying thesaurus that enabled scientists to discover (or perhaps re-discover) knowledge to support the design of a new R&D programme.

Example Two

My second example is at the other end of the scale. This is a local KM system that supports an IT organisation that provides hosting support for external SAP clients. This KM system also impressed me but for a different reason. Without any real top down sponsorship or funding the technical teams had created their own KM system based on a single central repository, but where all the content was created, published and maintained under very strict guidelines by a few key members of staff, but accessed by many. The rationale for using this approach was to bring discipline to the management of documents and data that were considered vital to the successful running of their IT organisation.

KM Model for ITSM

The rationale for the second example above sounds somewhat obvious, but the background problem as explained to me was one of long term ill-discipline in the day-to-day management of key information. Individuals, both staff and sub-contractors, would create multiple documents, held in isolated repositories or held on local drives, resulting in poor retrieval and inaccurate information.

The problem is a familiar one. Admittedly, this KM system is basically document management, plus some other information formats and a simple data classification system, but in my view this doesn’t matter as the problem of badly managed information was controlled by introducing a strong KM framework with a central repository to address a specific local need.

It is this model of KM that I want to discuss as the starting point for KM for ITSM, but first I need to say something about the concept of assigning value to information.

Defining Business Value

I mentioned above that assigning value to information is vital.

Screen Shot 2015-06-16 at 10.36.57

I call this category High Business Value information. So, what does it mean exactly? Essentially, this is a category of business information that covers all the vital and irreplaceable business records, documents, information and data that are associated with sensitive areas like customer data, compliance, security, personnel, finance and legal and commercial activities.

It is this category that has the potential to damage an ITSM organisation should this material be compromised by loss, breach of security, inaccuracy or the inability to locate and retrieve quickly when needed. It is the failure to identify, capture, publish and retrieve this category of knowledge that can have a significant impact on the management of risk and cost control.

Whilst all information is valuable, depending on circumstances, some information suddenly becomes more valuable.

KM Framework

Our first step is to build a KM Framework. This framework must define the KM life cycle to create, capture, review, release, amend, publish and retire content. In addition, the KM Framework must define a system of classification for the ITSM information. We have already identified a need to segregate high value information – I’m calling this Layer 1 information. All the remainder of the ITSM information and data is collected into Layer 2.

Basically, for Layer 1 we know what we want and where it is – hence we can find it quickly using a hierarchy with a controlled vocabulary where everything is tagged.

However, for Layer 2 the structure is more linear using a Thesaurus and non-controlled vocabulary. This allows for a more ‘search and discover’ approach.

Finally, the framework will identify the ITSM knowledge managers who will be responsible for implementing the framework, plus a KM Steering Committee.

Five Stages of the KM Framework

There are five stages within the KM Framework and these are shown in Figure 1 below. By following this five stage sequence all the information considered as High Business Value can be identified and either uploaded into the KM Database or retained in local repositories (known as source databases). This is the Integrate stage that is covered in detail later on under the Hot Spot scenarios.

Each stage should be followed for Layer 1 and then repeated for Layer 2.

Untitled

Figure 1 – Five Stages of KM Framework

  • Audit – once the categories within Layer 1 have been identified all the material to be included in each category needs to be identified. The audit will do this and will cover different media formats such as PDF, database tables, e-mails, webinars and HTML et al.
  • Map – during the audit the location of the material is identified. This is mapping and will be needed when the KM database is designed and built to identify what material should be transferred to the KMDB and what material should remain in local repositories.
  • Classify – once all the information has been identified for the categories of Layer 1, the documents and data can be classified according to the controlled vocabulary system and the hierarchy structure.
  • Assemble – once classified and physically located, the content for each category should be assembled as a schedule of descriptive metadata tables complete with information titles, document numbers, versions, data sets and physical location.
  • Integrate – once all the information has been assembled the metadata tables can be used to manage the population of the KMDB – either directly with content or connected to other repositories to extract the content. These are known as source databases.

 Classification

As mentioned above it is important to classify by value as well as classify by subject. For example, all customer data should always be considered high value, but the exact list will depend on the types of client and services that are supported by the ITSM organisation.

When it comes to the subject of classification there are many standards1 on taxonomy and debates about linear versus the hierarchy structure approach. I’m therefore suggesting that it makes sense to divide our total ITSM information into two distinct groups – the High Business Value information already discussed and a second group which is essentially everything else. I’m calling the first grouping Layer 1 and the second grouping Layer 2.

Once all the information has been divided into these two layers we must structure the information in two different ways. Figure 2 below shows this division.

Layer 1 should be structured using a taxonomy with a hierarchy and controlled vocabulary. This scheme will identify the information according to importance, sensitivity and security level, and will be used to control access to the information in Layer 1. The search tools that underpin our KM system will then be able to locate and retrieve any of the information in Layer 1 very quickly. Layer 1 will typically have the lowest volume.

Untitled2

 

Figure 2 – Grouping Information by Layers

For our second layer – Layer 2 – I suggest a thesaurus with a more linear structure that will allow more of a free form of search and retrieval based on a smaller number of the terms.

Not everything needs to be tagged in Layer 2, instead broader searches and cross searches can be adopted to allow a more ‘search and discovery’ approach even ‘looking inside’ some documents and files to locate content of interest.

This makes sense as the population of Layer 2 will cover all manner of archived project material, design documentation, presentations, non-critical business records et al. Layer 2 will typically have the highest volume.

Hierarchy of Layer 1

Given the relatively simple structure of our KM system I suggest a top down approach for Layer 1, based on a hierarchy of Categories and Sub-categories using a controlled vocabulary to tag documents and data sets. An example is shown in Figure 3 below. As Layer 1 is the primary focus of our initial KM design and build it’s not my intention to outline the structure of Layer 2.

Untitled3

Figure 3 – Classification Hierarchy

Once all the constituents of Layer 1 have been identified during our Audit stage all the information and data can be divided into Categories. These categories will be assembled under various functional headings, for example:

Category 1 – Customer Data
Category 2 – Compliance
Category 3 – Legal
Category 4 – Service Continuity
Category 5 – Finance
Category n – Security

Once all the Categories have been identified then the material should be further sub-divided into Sub-categories. I would suggest that these three drill-downs are sufficient to hold all the information in Layer 1. The Sub-categories will contain all the specific document and data sets that relate to a particular Category and this can be assigned by client or customer type or by any other specific grouping.

This hierarchy is not meant to be in any way prescriptive, just examples on the concept of Categories and Sub-categories.

Example ‘Hot Spots’

I’ve identified four possible ‘hot spots’ based on personal observations of real life events and these are shown in Figure 4. Clearly, there will be others depending on the set-up of a particular ITSM organisation and the types of client it supports.

The figure is based on a simplified ITSM organisation that could be either a MSP dedicated to external clients, or an ITSM organisation providing IT services to an internal client. The IT Operations can be either internal or external hosting with or without applications support. For the purpose of this guide it is assumed that the IT Operations is in-house and provides hosting, communications and applications support – within an overall governance framework.

There are four example ‘hot ‘spots’ shown in Figure 4.

  • Client Portal – Risk to reputation due to poor quality of customer information
  • Legal and Commercial – Cost of litigation due to incomplete contract audit trail
  • Compliance – Cost of compliance due to audit failure and forced re-work
  • Service Continuity – Risk to IT service continuity due to inadequate preparation

All of the above examples relate to the absence, inaccuracy or timely retrieval of information.

Untitled4

Figure 4 – Example Hot Spots

Risk to Reputation (Hot Spot 1)

In this scenario I’ve created a simple Service Operation (SO) organisation that has responsibility for managing the information available to customers via a Client Portal. I should state at this point that not all of the information available through the portal is the responsibility of the SO team. Some material will be supplied direct from the Client for uploading onto the portal – material from the Marketing Department such as prospectus and application forms.

The remainder of material will be service and technical support information produced within SO and cover such topics as service availability status, technical self-help and how-to-do-it video clips. The client portal also has a secure area for the client customer groups to access data on performance against SLAs.

The ‘Risk’ we are trying to mitigate here is out-of-date, missing and inaccurate information being posted to the client portal. The current arrangement within our SO is that information is currently held in separate repositories. Information is identified and collected and then manually or semi-automatically uploaded onto the Client Portal database using scripts. The risk here is that:

  • not all information is collected at the right time (like monthly SLA data updates)
  • incorrect information is selected for the right location
  • correct information is uploaded to the wrong location
  • not all information is collected

All the above risks can be minimised by the correct processes and checks in place and rigorously enforced. However, experience has shown that this manual and semi-automatic process can break down over time and quality – and reputation – can be impacted.

Untitled5

 

Figure 5 – KM Integration of Client Portal Information

All the client information that was previously managed manually has now been compiled into metadata tables from the AuditMap ClassifyAssemble stages. We can now move to the Integrate stage. The metadata tables will hold the locations of all the information and data needed to be accessed by the client portal and the KMDB will use distributed queries to collect all the information and data from these locations. In practice these will be permitted areas within local repositories (or tool set databases) – known as source databases. See Figure 5.

For example, the Known Error database (KEDB) could supply diagnostic help and work-arounds for self-service customers for the most common errors. The KEDB will also collect Event and Incident Management data in support of the SLA reporting that is provided to the client business units via the portal. The Configuration Management database (CMDB) will also be another source database for the supply of data to the client on service configuration.

Cost of Litigation (Hot Spot 2)

My second scenario relates to the threat of litigation as a result of a breach of contract. Whilst this sounds dramatic it is important not to underestimate the legal and commercial requirements to hold and maintain all contractual material and associated business records.

Most service based agreements come with some form of service credit arrangement. However, a decrease in payment may not fully compensate a client for poor service particularly when a number of service failures occur in quick succession or a major outage lasting several days hits not just the client but the client’s customers. Such a scenario could be considered a breach of contract resulting in litigation to seek damages and a termination of the service contract.

Any move to litigation will result in a demand from the client’s legal team for all relevant information to be handed over. This is known as e-discovery2 and the Service Operation team along with the organisation’s legal department will need to respond very quickly in a short time frame.

Untitled6

 

Figure 6 – KM Integration of Legal Information

This is another example of how the KMDB can be used to store high business value information. Figure 6 shows how the KMDB can contain a Legal DB segment that is used to store in one location all contractual and historical SLA information relating to an individual client. As with Scenario 1, the metadata tables will hold the locations of all the information and data needed to be accessed by the Legal KMDB segment. Again, distributed queries are used to collect all the information and data from these source DB locations.

The information will include all versions of contracts, contract amendments, SLAs including email trails between the client and the IT Service Provider. This latter point of email capture is increasingly used to highlight any communication that might indicate an implied contract variation by either party. I would suggest the inclusion of a Message Record Management (MRM) system as part of the KM solution.

Screen Shot 2015-06-16 at 10.37.56

Also, it will be necessary to install an activity monitor to log and track activity of users of the KMDB segment. In reality, this would be good practice across all of the KMDB segments but essential in this instance.

One final point. Where the service provider is internal to an organisation, for example the public sector, the risk of litigation is negligible. However, be aware that a consistent under performance against SLA targets could be a fast track to IT outsourcing.
Here is another example of the importance of a KM sub-set of material that can be assembled on the basis of a specific demand. During a compliance audit, ISO27001 for example, there will be a specific document set that will need to be made available to the auditors for the certification process.

Cost of Compliance (Hot Spot 3)

I’ve seen this happen on a number of occasions. Although this is usually presented as an exercise in cost saving, invariably it is driven by a long term dissatisfaction in the performance of the internal service provider.

Without a rigorous KM approach there is the risk of auditors finding a shortfall in the control objectives and controls. This will result in low auditor marking and possible non-compliance. There is now a real cost involved with the remedial work needed for a re-run of the audit, particularly with the high daily rates charged by external auditors.

The material can range from Information Security Policies to Physical and Environmental Security. There is a wide range of different types of information and data and the Audit and Map stages of the KM Framework will require a lot of research and agreement from the KM Stakeholders on what should be included in this KMDB Compliance segment. It is likely that some of the lower level information may be located in Layer 2. If this is the case then it might make sense to leave it where it is and simply connect between the two layers. It is also true that the scope of ISO270013 is such that the KM will need to connect to a wider range of tools and assets.

One particular example is software asset management (ISO 27001 – Clause A8: Asset Management). Under this heading auditors will check the number and validity of software contracts held and check that the licences cover all the users who actually use the software. This could be addressed by setting up a source DB within a SAM tool and extracting all the data needed for the audit (as a controlled set) and then sending it to the KMDB. This is actually a very common failure point.

Risk to Service Continuity (Hot Spot 4)

In this final scenario I want to look at how the KMDB can be used to support Service Continuity. This has a much broader scope than just KM and I’m not intending to cover the whole subject of Business Continuity Management (BCM). Again, there are multiple terms involved here – like Disaster Recovery, Business Recovery and Service Recovery. In the case of ITSM and KM, I’m going to describe how KM can be used in support of Service Recovery within the broader BCM that covers the end-to-end business of a client.

The dilemma facing an ITSM organisation is no one can really identify all the situations likely to occur. Certainly, the evacuation of a data centre due to fire and flood is an obvious scenario, but thankfully not one that occurs very often. Clearly you can’t prepare for every instance but it is possible to target some common ‘knowns’.

So, here is a possible starting point. In our Layer 1 (High Business Value) under the Service Continuity category, the sub-categories should be constructed to reflect various ‘threat scenarios’ – one per sub-category, such as cyber threat, data theft and denial of service to name a few. We could also add major software outages that can and do occur from time to time.

Each ‘threat scenario’ can then be structured along the scope and guidelines of ISO223014. This will create a consistent framework for compiling all the recovery procedures, communication escalations and fall back plans for each scenario. Clearly, there is much more to discuss here but there is a future article that will address all of these aspects of service recovery which is planned for publication later in 2015.

Conclusion

What this guide attempts to outline is a number of possible solutions to common issues around both risk and cost control in an ITSM organisation. It is not intended to be prescriptive. The KM system described here should be considered an ‘entry level’ system, but with the capability of extension as time and budget permit. This KM system is also predicated on content being held within existing repositories, as well as a central KMDB, but extracted on demand. The success of implementing a KM system will always reside with the management and staff of an ITSM organisation and not the technology. Hence the emphasis must always be on developing a KM Framework as the starting point.

This quick guide has been contributed by Mike Simpson of CIH Solutions.

Change, Configuration and Release Review – The results (2014)

CCRThis is a competitive review of software vendors who offer Change, Configuration and Release capabilities as part of their IT service management (ITSM) solution.

Products reviewed:

Change, Configuration and Release 2014 Best in Class

ITinvolve has taken huge strides in the ITSM arena with Service Manager by embracing the adage “knowledge is power”.  We feel that the developments that ITinvolve Service Manager has made with the fundamentals of knowledge and collaboration, ensuring that all relevant information is available to the right people at the right time (and in a straightforward way), enables risk assessment capabilities that far outweigh those of other ITSM solutions. This provides increased value to its Change, Configuration and Release capabilities.

Change, Configuration and Release Review Best in Class: ITinvolve
Change, Configuration and Release Review Best in Class: ITinvolve

The way that these capabilities support and mold Change, Configuration and Release creates a product that gives control, intelligence and awareness back to the IT organisation.

Offered as a SaaS-only solution, ITinvolve states that Service Manager integrates with discovery products, and we feel proactively delivers timely and relevant information whenever needed.  The solution greatly reduces the burden on staff and ensures risk can be quickly and accurately assessed.

Best for On-Premise

For those organisations looking for Change, Configuration and Release capabilities in an on-premise solution then Cherwell Service Management® would be our recommendation (please note that Cherwell Service Management® is also available as a SaaS solution).

We believe that Cherwell Service Management® has the functionality the vast majority of organisations require to operate an efficient and successful management of Change, Configuration and Release processes.

Introduction

The only thing constant in life is change, and this is never truer than in an IT organisation.

In order to get a handle on the myriad of modifications and developments occurring within IT many organisations turn to frameworks, such as ITIL, for guidance on best practice.  Change, Configuration and Release Management are three processes that group together favourably and are a valuable continuance for businesses unsure where to progress following successful adoption of Incident, and in some cases Problem Management.

  • Configuration Management is the process used to track individual Configuration Items (CIs) and the way in which they interact with one another
  • Change Management is the process used to track and communicate any changes in service that may impact the customer, such as when systems are taken offline for updates
  • Release Management is the process of managing software releases from development right through to release

Each process can be used individually, but more often than not you will find these processes intertwined.  For example, when considering either a Change or Release you will need to know the CI’s that will be affected before you begin.

As listed above it is ITSM Review’s opinion that Configuration should come first.  We believe that if you can get Configuration right then Change and Release will be infinitely more straightforward.  Establishing that any prospective ITSM tool can record all information for a CI in an easy-to-document-and-locate approach will minimise risk both to individuals and the organisation as a whole.

Too often we see cases where needless mistakes occur during the management of Change and Release due to critical information not being easily accessible.  Upon investigation the result is usually that the documentation was circulated and then filed away with the expectation that it would be read in infinite detail and re-read upon any future modifications of said item.  There are several issues with this:

  • There is a finite amount of time in a day to read the multitude of documents one comes across
  • There is a finite amount of storage within a brain to remember which items have related documents squirreled away
  • People only know what they know

You can blame individuals after mistakes occur by stating that documentation should have been sought out, or you can employ processes that take the guess work (and leg work) out of the equation in conjunction with using an ITSM tool that offers up the information to the right people at the right time.

In this review we have looked at a range of ITSM products covering Change, Configuration and Release Management, targeting all market sizes.

Market Positioning (Target Market Size)

For the purposes of this review, vendors were classified based on their primary market focus, and product capabilities.

Vendor Small Medium Large Very Large
Axios 0% 0% 75% 25%
Cherwell 1% 14% 65% 20%
ITinvolve 0% 75% 12.5% 12.5%
TOPdesk 35.32% 53.63% 10.47% 0.54%

Approach

Vendor On Premise/Saas Separate Release Module Discovery Tool own/Third Party
Axios Both No Both (version dependent)
Cherwell Both No Both
ITinvolve Saas No Third Party
TOPdesk Both No Both (version dependent)

Competitive Overview

Vendor Elevator Pitch Strengths Weaknesses
Axios Axios assyst is a solid, mature and well-rounded tool marketed towards organisation with 1,000+ end users.The functionality and design of assyst provides the ability to manage both simple and complex workflow processes to support the management of change and request.Available both as a SaaS solution and on premise – with concurrent and named licenses – assyst provides a flexible model to fit around your business.
  • Relationships between configuration items, services and users are clearly displayed via a visual impact explorer
  • Drag and drop calendar functionality
  • Easy to collaborate on changes etc., reducing the need for the use of external software
  • Requires experience and an increased investment in time to implement release management if your existing process is complex
Cherwell Cherwell Service Management is a functionality-rich and user-friendly tool.The flexibility of Cherwell Service Management allows customers to automate existing change and configuration processes without the need to compromise the status quo to fit around the tool.With Cherwell Choice concurrent licensing and flexible hosting model, you can choose what works best for your business — Pay-as-you-go or perpetual license,.  Hosted on-premise, by Cherwell or by a third party.
  • Offers multiple ways to achieve the same outcome (e.g. creating a change request) meaning that users can work whichever way best suits them and their requirements
  • Mature change calendar with drag and drop functionality and ability to create changes direct from the calendar view
  • Robust collision detection
  • Requires experience and an increased investment in time to implement release management if your existing process is complex
ITinvolve ITinvolve Service Manager is a progressive and ambitious product.Uniquely combining knowledge capture, analysis, and social collaboration, Service Manager proactively delivers timely and relevant information whenever needed.  The solution greatly reduces the burden on staff and ensures risk can be quickly and accurately assessed.Saas based, Service Manager is licenced per user with an additional annual cost for the platform.
  • Advanced and proactive delivery of knowledge
  • Dynamic identification, analysis and engagement of changes
  • Key settings can be recorded against individual items/objects and are immediately obvious from all areas of the application
  • No drag and drop or create functionality from within the calendar
TOPdesk TOPdesk 5 is a visually pleasing and easy to navigate tool.TOPdesk’s modular structure accommodates a wide range of requirements from different sized organisations. All products include extensive reporting options, clear overviews and a handy Plan Board for planning resources.Web-based hosted as a service or on-site Service Management software, TOPdesk has made the transition from IT into Facilities Management and HR.
  • Tabbed working (ability to have more than one active record open at a time)
  • Attractive GUI which will be appealing to the wider business
  • Form Designer is not available to customers of the Professional version
  • No drag and drop capability on change/release calendar
  • Blackout and maintenance windows not created against Configuration Item (CI) or Service but instead in the Event and Actions module

Customers

customers-graph

Analysis

Vendor Functionality Competitive Differentiators Analysis
Axios Mature, well-rounded tool covering the larger end of the ITSM market with solid change, configuration and release functionality with strong risk assessment capabilities.
  • All ITSM process integrated into one app – non-modular
  • Visual Impact Explorer provides clear graphical views of infrastructure and relevant relationships
  • Drag and drop change/release process design
Assyst offers solid change, configuration and release functionality with strong risk assessment capabilities. I therefore believe that it is a good offering for both large and enterprise organisations with moderate to mature change processes in place.
Cherwell Functionality rich and user friendly tool ensures that no matter how you want to do something you’re likely to be able to do it.
  • Fully integrated management processes that are 100% configurable against an organisation’s current and future service request models, without the need to write a single line of code via programming or scripting services
  • Integrated Platform as a Service (PaaS) technology to empower users to easily develop and deliver integrated business services offerings
  • Quick, easy, and seamless system upgrades, as well as low cost of ownership for on-going system management overheads
Unless you are an organisation with advanced or complex release management requirements, I highly recommend that you consider Cherwell Service Management as your tool of choice.
ITinvolve Progressive, ambitious and agile product with exceptional use of knowledge and collaboration to underpin Change, Configuration and Release as well as all other processes.
  • Comprehensive understanding of not only configuration dependencies but also compliance and key settings
  • Dynamic identification and engagement of all relevant change stakeholders with facilitated collaboration and risk assessment prior to formal change approval workflows
  • Knowledge is proactively delivered to IT staff in the context of the change/release being created/worked on
Despite the lack of drag and drop and create option functionality from within the calendar, regardless of the size of your organisation I strongly believe that you can’t go wrong with considering ITinvolve Service Manager as your ITSM solution for Change, Configuration and Release.
TOPdesk Modern, attractive and easy to navigate tool which is likely to appeal to the wider business as well as IT.
  • Integrates multiple support processes into a unified system, which can be used by the wider business
  • Licensing structure is based on the number of end users rather than operators
  • Comprehensive and modular solution that allows customers to add new processes as they grow
If you are a purely reactive IT organisation, of basic to moderate maturity, with a low to medium number of change requests, then the Enterprise or Ultimate offering of TOPdesk 5 would be a suitable candidate for your organisation.

Deep Dive

Further details for each vendor can be found by using the links below:

Disclaimer, Scope and Limitations

The information contained in this review is based on sources and information believed to be accurate as of the time it was created.  Therefore, the completeness and current accuracy of the information provided cannot be guaranteed.  Readers should therefore use the contents of this review as a general guideline, and not as the ultimate source of truth.

Similarly, this review is not based on rigorous and exhaustive technical study.  The ITSM Review recommends that readers complete a thorough live evaluation before investing in technology.

This is a paid review, that is, the vendors included in this review paid to participate in exchange for all results and analysis being published free of charge, without registration.

For further information, please read the ‘Group Tests’ section, on our Disclosure page.

Review: TOPdesk for Change, Configuration and Release

Logo TOPdesk Service Management Simplified CMYKTOPdesk

This independent review is part of our Change, Configuration and Release Review.

Executive Summary

Elevator Pitch TOPdesk 5 is a visually pleasing and easy to navigate tool.TOPdesk’s modular structure accommodates a wide range of requirements from different-sized organisations. All products include extensive reporting options, clear overviews and a handy Plan Board for planning resources.Web-based hosted as a service, or on-site Service Management software, TOPdesk has made the transition from IT into Facilities Management and HR.
Strengths
  • Tabbed working (ability to have more than one active record open at a time)
  • Attractive GUI which helps make the product simple to use and requires no coding experience
Weaknesses
  • Form Designer is only available to customers in the Enterprise version
  • No drag and drop capability on change/release calendar
  • Blackout and maintenance windows not created against Configuration Item (CI) or Service but instead in the Event and Actions module
Primary Market Focus Based on the information provided, TOPdesk markets to organisations ranging from small (-100 users) to very large, multi-national companies (10,000+ users)

Commercial Summary

Vendor TOPdesk
Product TOPdesk
Version reviewed 5
Date of version release 2012
Year founded 1993
Customers 4,000+
Pricing structure The licensing structure is based on the number of end users that the customer wishes to support with the software. This structure allows customers to have an unlimited number of agents, operators and technicians working on the tickets themselves.Both on-premise installations and SaaS options, hosted by TOPdesk, are available.
Competitive differentiators
  • Shared Service Management and One-Stop-Shop application integrates multiple support processes into a unified system, which can be used by multiple departments either coupled with IT or independently within the business
  • Licensing structure is based on the number of end users rather than operators
  • Comprehensive and modular solution that allows customers to add new processes as they grow

Independent Review

With a modern and attractive interface TOPdesk 5 will likely appeal to the wider business, as well as IT, due to its differing from the usual use of the Windows Explorer-style in favour of a more intuitive GUI.  Whilst most ITSM tool vendors are now looking at ways to enable the integration of their tools outside of IT, in my opinion TOPdesk has been involved in leading the way in a shift towards Enterprise Service Management (ESM).

Our impression of the tool is that the Enterprise edition would be suitable for organisations with a basic to moderate maturity of change/release process with low to medium volume.  The choice to create actions in the Event and Alert module to notify of blackout and maintenance windows after the change has been requested, seems like an afterthought, and is the primary reason why we would not recommend the tool to organisations with a high maturity of change/release.

Without Form Designer, which lets you design your own forms ensuring you gather the correct information, the Professional edition lacks, what we believe, should be basic functionality. However, the processes link well together and the GUI is intuitive, with the ability to create new changes etc. from most areas without the need to navigate away from the current page.

In ITSM Review’s opinion, TOPdesk 5 is a solid ITSM tool, but unfortunately change and release is not its strongest area.  Our recommendation to TOPdesk would be to add Form Designer to its basic offering and to make a few changes to the change calendar (such as: creation of changes from calendar view and drag and drop of change requests) as well as to revise how maintenance and blackout windows function in all editions. This would then ensure that the tool is better suited to organisations with more complex change/release requirements.

General

As with a number of other tools included in this review, TOPdesk 5 combines release with change and the Project Management module (available to Enterprise customers) can also be used to plan releases.

TOPdesk has two offerings: Professional (basic) and Enterprise (standard). The Professional package allows customers to choose the modules, functions and processes that they require, paying only for what they need but with the flexibility to add new processes as they grow. However, as not all modules are available in Professional, should you wish to implement telephony integration, log or update calls on the go, or run surveys for continuous improvement then you will need to upgrade to the Enterprise offering.

TOPdesk states that Change, Configuration and Release are offered as part its Enterprise package. However for potential customers investigating capabilities, we feel that the website lacks clarity as to the inclusion of Configuration and Release as part of its offering. Furthermore, in our opinion little information is provided as to what functionalities can be included as part of the Professional package. It is therefore our recommendation that potential customers contact TOPdesk directly to discussion their Change, Configuration and Release requirements.

Change

As with the other processes in TOPdesk 5, change is easy to access from every screen.  The change record can be linked from incidents, problems, known errors etc. and provides a very good overview of the history of the issue. Change workflow can be configured to create a variety of change types dependent upon the processes an individual organisation has set up.

Configurable dashboards make change management easy to monitor with various widgets available to show you the relevant information you need, such as all current changes awaiting approval etc.  Dashboards can be set on a role-by-role basis giving an “at a glance” view to workload.

Although there are no change templates available out-of-the-box, TOPdesk states that these can be easily created by the customer and copied.

If your role requires you to wear more than one hat i.e. not just Change Manager, then TOPdesk 5 could be useful to you.  TOPdesk 5 has tabbed working that means that you can work on other areas (such as raising an incident) even if you are in the middle of creating a long and complicated change.  This is something that we personally feel is missing from a lot of tools in the market offering Change, Configuration and Release, and is an extremely useful component not just in change but all aspects of working in a busy IT department.

Configuration

For discovery and inventory within TOPdesk you can either use the additional network scanning tool “TOPsis” or integrate with a third party application.  There is also a Barcode scanner module available to Enterprise customers, which enables you to scan a room and attach labels to an item or object, with all relevant data being sent to directly to TOPdesk.

CI forms are fully configurable within Form Designer . The Form Designer allows customers to design forms for calls and requests for change, enabling them to determine which information must be filled in. Whilst Form Designer is part of the Enterprise package, we were surprised to find that this basic functionality is not included as part of the Professional edition. With many other tools containing similar functionality to Form Designer as part of their basic offerings we believe that TOPdesk needs to revisit its decision to not include Form Designer as part of its basic package.

The links wizard allows CI’s to be linked to changes, incidents etc. and each CI has a tab showing a trail of all operation changes.  It is possible within this tab to access all linked records by double clicking or single clicking for a quick overview.

Calendar    

Although TOPdesk 5 does not have the most basic of change calendars it’s not the most advanced either.

Creating blackout and maintenance windows is not as straightforward as it could be.  Rather than creating a window against a CI or a Service that would show on the calendar, these need to be created within the Events and Actions module (available in all versions), which triggers an email after submission dependant upon the parameters set.  We don’t think that it would be an inconvenience if you could go straight to the calendar, check the dates and then create the change from there, but unfortunately this is also not possible.

We feel that were we customers of TOPdesk, we would be frustrated by the toing and froing required to check dates and create requests.

There is also no drag & drop capability for changes on the calendar.  This is certainly by no means a deal breaker, but in the interest of making life as easy as possible for the user this is a possible enhancement TOPdesk could make in the future.

Approvals

Multiple activities can be created within a change, with different tasks involved that have specific time constraints.

Approvers and evaluators of changes can be person or role based.  There are fully customisable drag and drop workflow approval paths, which can be as simple or as complex as your organisation requires with the option for single and CAB approval.

Notifications or emails are automatically sent to approvers with details of the change request and these can be responded to via email or within the tool itself.

In Summary

If you are a purely reactive IT organisation, of basic to moderate maturity, with a low to medium number of change requests, then the Enterprise offering of TOPdesk 5 would be a suitable candidate for your organisation.

In Their Own Words:

TOPdesk develops ITIL-aligned Service Management Software for IT, Facilities Management, and eHRM helpdesks and is among the top five service management tools offered worldwide. Our award-winning solution, along with our ITIL verified consultants and outstanding customer support has helped over 4,000 unique customers to process questions, complaints and malfunctions. With over 20 years of service management experience, we have assisted businesses, to optimize their services with our 100% web-based and user-friendly application. TOPdesk’s modular structure accommodates a wide range of requirements from different sized organisations. TOPdesk can be hosted as a Service or can be installed on-site. All products include: extensive reporting options, clear overviews and a handy Plan Board for planning your resources. Every day, millions of users across 47 countries trust in TOPdesk as their service management solution. Raising your service levels and reducing your workload and costs have never been easier.

Screenshots

This independent review is part of our Change, Configuration and Release Review.

Review: ITinvolve for Change, Configuration and Release [BEST IN CLASS]

logoITinvolve

This independent review is part of our Change, Configuration and Release Review.

Executive Summary

Elevator Pitch ITinvolve Service Manager is a progressive and ambitious product.Uniquely combining knowledge capture, analysis, and social collaboration, Service Manager proactively delivers timely and relevant information whenever needed.  The solution greatly reduces the burden on staff and ensures risk can be quickly and accurately assessed.Saas based, Service Manager is licenced per user with an additional annual cost for the platform.
Strengths
  • Advanced and proactive delivery of knowledge
  • Dynamic identification, analysis and engagement of changes
  • Key settings can be recorded against individual items/objects and are immediately obvious from all areas of the application
Weaknesses
  • No drag and drop or create functionality from within the calendar
Primary Market Focus Based on the information provided, ITinvolve primarily targets the medium to enterprise market

Commercial Summary

Vendor ITinvolve
Product ITinvolve Service Manager
Version reviewed Winter ‘14
Date of version Release December 2013
Year Founded 2011
Customers 8 current customers using ITinvolve Service Manager
Pricing Structure The licencing structure is based on IT users, Business users, i.e. approvers, and Portal users with pricing set accordingly. Service Manager is SaaS-based.
Competitive Differentiators
  • Comprehensive understanding of not only configuration dependencies but also compliance and key settings
  • Dynamic identification and engagement of all relevant change stakeholders with facilitated collaboration and risk assessment prior to formal change approval workflows
  • Knowledge is proactively delivered to IT staff in the context of the change/release being created/worked on

Independent Review

ITinvolve seem to be heading in a slightly different direction to the other vendors in this Change, Configuration and Release review, which is refreshing to see. With emphasis for the other vendors being on broadening the scope into the wider business (outside IT), ITinvolve’s “Agility Application” is focusing on its use within IT and concentrating on helping to take the hard work out of capturing undocumented information, the “collective wisdom” – known by some but not easily accessible by all.

This product is far more dynamic than any of the others in this review and hits the knowledge management angle far harder than anyone else.  If our experience within IT has taught us anything it’s that you can have the best quality knowledge documented but if it’s not immediately available to you it’s not very useful. Ensuring that intelligence is not just recorded, but is immediately accessible to those that need it, as and when they need it, without the need to search through hordes of documentation is key to mature and successful ITSM.  With knowledge management nailed everything else seems infinitely easier and more straightforward.

Change, Configuration and Release work smoothly and effectively in this product.  The collaboration component and Key Settings establish a clear understanding of the needs of the IT department. In my view, doing both these two things exceptionally well, as ITinvolve Service Manager does, supports and benefits all other processes within the product.

In ITSM Review’s opinion ITinvolve Service Manager (hereafter referred to as “Service Manager”) would be suitable for organisation of all sizes, especially the more “forward-thinking market” looking to bring a more proactive way of distributing knowledge to the right audience in order to reduce risk and speed time to execution for change, configuration and release activities.

General

As with other tools in this review, release and changes are both created from within the change area of the tool, but with the difference here being that ITinvolve also handles releases as individual change items within a change record rather than just as a change.

Service Manager is built on the Salesforce1 platform and leverages the APIs, data integration facilities, and connectors available to integrate with third party systems such as discovery tools, CMDBs, systems management tools, etc.

Change

Service Manager supports pre-approved, normal and emergency change with the facility to configure these to your organisational needs.

The interesting thing about the way Service Manager works compared to other tools is that it gives interested parties a chance to weigh in on change requests before they go to the approval stage.  Proactive identification, analysis and engagement of changes ensures that everyone that needs consulting is consulted – avoiding the all to common “loop” where changes are brought forward to the CAB only to be pushed back for further analysis.

Service Manager is built with collaboration capabilities throughout, including the ability to follow particular items (which ITinvolve calls objects) such as applications, policies, and infrastructure components if you have a vested interest in them. Users can build a perspective (think of a “hot” Visio diagram) that includes all the objects valuable to their role rather than having to filter through information. This, in turn, enables the ITinvolve application to recommend the relevant experts to change planners for change, configuration and release activities.

These stakeholders are then able to collaborate virtually with one another on the change, adding or removing associations with other objects and engaging other stakeholders as necessary. The visual impact analysis is continuously updated during this activity, helping collaborators to easily see potential upstream and downstream impacts.

Additionally, any key setting information, policy information, or relevant knowledge objects/articles are inherited to the change for the objects associated, ensuring that all stakeholders have advanced access to the information they need to assess the change accurately and quickly without having to hunt for information.

Key settings for an object are able to be recorded and shown in the Activity Stream, as an icon within the Impact Analysis and within the Impact Factors tab, ensuring that important intelligence does not have to be hunted for and should never be missed.

This is by far the most agile and proactive change and release (as this is bundled also) product that we have reviewed so far.

Configuration

Service Manager supports a variety of integrations to leverage existing discovery and asset management data, but does not directly provide auto-discovery itself.  Objects in Service Manager support common attributes found in inventory control, asset management tools and barcode scanners making synchronization frictionless and consistent.

All automated updates to objects are written into the Activity Stream and followers of the object are updated immediately and are able to review, validate and correct revised information.  This creates a continuous mechanism for verification between expected and actual configuration avoiding the configuration inaccuracy challenges so common in CMDB implementations.

Service Manager supports a visual model of relationship mapping between objects including business services, applications, servers, databases, networking devices, policies, knowledge, etc., and also support custom objects.  Service Manager’s Impact Analysis not only shows which objects, services etc. are relative to one another, but utilizes badges to also show where changes and issues may be in effect for specific objects, as well as any key settings or information that you may need to be aware of.

What ITSM Review likes most about Service Manager is that you don’t have to go searching for relevant information.  Although there are times when you will want to manually attach information to an object, Service Manager does so intelligently without the need to perform extra steps or leave the screen you are on and go to a different area of the product.

Calendar    

The ability to set change/release blackouts/maintenance periods against individual objects as well as records that contain multiple objects, provides the opportunity to manage changes from a macro-level to a meticulous calendar ensuring that a change/release is only able to be requested for time periods that have been pre-approved.

One thing that we were surprised to find is that there is no drag and drop or create-from calendar ability within Service Manager.  Although this is not vital, it’s absence seemed a bit surprising given the other functionality contained. However this is functionality that ITinvolve states is on its roadmap for a future release.

Approvals

Once the change requester has performed an initial association of objects, including the business impact for the associated objects, relevant stakeholders are automatically identified based on those individuals, or groups that have included one or more of those objects in their perspectives (mentioned earlier within Change section).

Potential upstream and downstream impacts are visually represented ensuring that those stakeholders can easily spot any potential areas of concern.  Stakeholders are able to collaborate virtually with one another on the change, adding and removing associations with other objects and engaging other potentially interested parties, including business stakeholders as necessary. This “extra step” actually streamlines change approvals enabling greater change velocity.

Change and release approvals can be set to individuals or teams on a one/majority/percentage etc. must approve basis, e.g. a high risk change/release requires 100% agreement from all stakeholders before approval is granted. Escalations are also automated based on lack of stakeholder response within define timeframes.

Approvals, the same as all activities within the product, are documented and in effect creates a public audit that can be questioned, crowd sourced and peer reviewed.

In Summary

Despite the one noted absence of drag and drop and create option functionality from within the calendar, regardless of the size of your organisation, we strongly believe that you can’t go wrong with considering ITinvolve Service Manager as your ITSM tool for Change, Configuration and Release.

In Their Own Words:

ITinvolve Service Manager transforms IT Service Management (ITSM) with a unique, breakthrough approach.

Cloud computing, virtualization, and BYOD are making greater demands on traditional service management tools and processes. Unfortunately, commoditized service desk tools offer little more than ticketing and more “enterprise class” products are process-heavy and difficult to configure. What’s more, the collaboration capabilities they contain are afterthoughts at best and lack the context required for effective engagement.

ITinvolve challenges this status quo.

Product Highlights:

  • Provides a unified self-service portal for incidents, requests, and help information
  • Supports ITIL processes for incident, problem, change, and request management
  • Brings valuable, but scattered, IT knowledge and data together in one place – displaying it visually
  • Captures undocumented, expert tribal knowledge through easy-to-use social collaboration
  • Ensures teams have a trusted, complete, and accurate foundation for rapid decision making and risk analysis

Screenshots

This independent review is part of our Change, Configuration and Release Review.

Review: Cherwell for Change, Configuration and Release

logo_cherwell-softwareCherwell Service Management

This independent review is part of our Change, Configuration and Release Review.

Executive Summary

Elevator Pitch Cherwell Service Management® is a functionality-rich and user friendly tool.

The flexibility of Cherwell Service Management allows customers to automate existing change and configuration processes without the need to compromise the status quo to fit around the tool.

With Cherwell Choice™ concurrent licensing and flexible hosting model, you can choose what works best for your business — Pay-as-you-go or perpetual license, Hosted on-premise, by Cherwell or by a third party.

Strengths
  • Offers multiple ways to achieve the same outcome (e.g. creating a change request) meaning that users can work whichever way best suits them and their requirements
  • Mature change calendar with drag and drop functionality and ability to create changes direct from the calendar view
  • Robust collision detection
Weaknesses
  • Requires experience and an increased investment in time to implement release management if your existing process is complex
Primary Market Focus Based on the information provided, Cherwell Service Management is primarily a mid-market solution with the ability to be scaled-up to enterprise class organisations

Commercial Summary

Vendor Cherwell Software
Product Cherwell Service Management
Version reviewed 4.6
Date of version Release November 2013
Year Founded 2004
Customers 600+ ITSM customers worldwide
Pricing Structure Fully inclusive concurrent user usage for both perpetual and SaaS licensing models
Competitive Differentiators
  • Fully integrated management processes that are 100% configurable against an organisation’s current and future service request models, without the need to write a single line of code via programming or scripting services
  • Integrated Platform as a Service (PaaS) technology to empower users to easily develop and deliver integrated business services offerings
  • Quick, easy, and seamless system upgrades, as well as low cost of ownership for on-going system management overheads

Independent Review

Cherwell Service Management® (hereafter referred to as “CSM”) is a tool that is a relatively straightforward to use. This is not because there is only one way to achieve a particular outcome but rather that there are many ways to achieve the same goal – with the ability to choose the one that better suits your style of working, rather than having to tailor around the tool.

Cherwell admits that previously it has tried to be “everything to everyone” but that it is now working to better provide for its target audience.  With Change, Configuration and Release Management generally being somewhat “hit and miss” amongst vendors, CSM is a well-rounded tool that manages to be both straightforward and robust enough for all but the most complicated of change and release processes.

In ITSM Review’s opinion, CSM would be suitable for all types and sizes of organisations, except for those that already have a heavy and complex release management process in place.  Whilst we believe that it is possible to successfully configure CSM to meet more complex release needs (such as these), given the time, energy and expertise required to do so, it is likely that that an alternative tool would be a better fit for your organization.

For the vast majority of organisations, we believe that CSM has all the functionality required to compliment your change, release and configuration processes to operate an efficient and successful management service.

In our opinion, CSM looks marginally older fashioned than its rivals in this group test, but what it lacks in style, it makes up for in operation.  Easy to navigate, with all the functionality that anyone other than the most demanding release connoisseur could ever need, we see this tool as being a welcome addition to many IT organisations.

General

Release and changes are both created from within the change area of the tool.  Although CSM change management has solid out-of-the box functionality, which is easy to implement and is suitable for any organisation, release management almost always needs configuration by the customer.

This having been said, CSM states that it prides itself on being highly configurable without requiring scripting know-how, and we can see how with a little time and perseverance even someone brand new to the tool, like ITSM Review for example, could create a perfectly adequate, although basic, release management process with CSM.  However, if your existing release management mechanism is complex and entrenched then implementation will require a little more time and experience to ensure success.

Change

Changes are broken down into three types;

  • Emergency
  • Standard (repeatable)
  • Normal

Each change type has it’s own thread to follow and contains templates that can be configured and set for pre-approval.

Normal changes follow a step-by-step form designed to ensure that no area is missed with the added bonus of an expanded view that shows all steps in one go.  This feature would be especially useful to newcomers or occasional change coordinators who are unsure of all the information required for a change to be submitted.  The expanded feature is only available in Read Only to ensure that all steps are completed.

When creating a change, the Risk Impact is dynamically updated by the ticking and un-ticking of certain pre-defined (and customisable) check boxes.  The priority is then easy to identify from a table that shows the impact vs. urgency.

Where more than one undertaking is required during a change, tasks can be created to divide work and responsibility.  Tasks can be set to run concurrently or once the previous task is completed depending upon configuration, which is again customisable. For more complex changes, the ITPT (IT Project Tracking) can be used.  Resources for Tasks (as with Approvers) can either be individuals, teams or expression-based. Expression-based refers to individuals who, for example, are responsible for a specific Configuration Item (CI) (this would change based on which CI was being changed).

Time limits can be set on tasks with the ability for notifications to be sent via e-mail, Dashboards, RSS Feeds or mobile devices.

Changes can be bundled into a release for deployment together.  Although these bundled changes may not aggregate a release in the strictest sense, this option is a good one as for the vast majority of organisations, there is no real need for a separate area for this functionality.

Configuration

For discovery and inventory within CSM, you can either use the internal tool or integrate with a third-party application such as SCCM, Altiris, Express Metrics etc. Via OLEDB/ODBC drivers, SQL views, web services or the API.

Whenever a CI is introduced into the CMDB, a snapshot is taken of the CI, and from that point, any changes made to it are noted in the Baseline Changes Tab.

CI forms, like the rest of the tool, are highly configurable with the ability to set fields as mandatory, read-only etc., as you would expect.  CIs are easily filterable and easy to locate from within other areas of the system.

CSM has a mature impact analysis tool, which shows a graphical representation of CIs, Services AND Users with the ability to click-through on each type to see historical changes, problems and incidents. Many IT organisations only have a vague idea of what could adversely be affected by changes – if you are one of these organisations we feel that a demonstration of CSM will likely give you hope that it is possible to create a change in complete confidence that everything will not fall down around your ears!

Calendar    

In our opinion, the change calendar is one of the most advanced calendars within this Change, Configuration and Release Management review.

There are unlimited maintenance and blackout windows that can be set, and the Collision Detection tool is able to intelligently suggest adjustments to proposed changes, such as escalation to Emergency change if it detects that the date is not within the maintenance window, or date change if the change falls during a blackout window.

The change calendar view is customisable by person, group or role (by admin) and contains a number of filters and sorting capabilities for even the most saturated of change environments.  If however you decide to use a calendar function external to Cherwell Service Management, (although we have no idea why you would want to) items in the calendar can be exported in iCal or vCal format and can be automated using one-step automation actions.

Functionality that ITSM Review especially likes is the ability to create a change from within the calendar and also “drag and drop” changes to another date.

What never ceases to amaze us is the amount of change processes that make life so complicated for change manager’s/coordinator’s etc., which means that they spend more time requesting changes than actually doing them.  Although Cherwell can do nothing about your specific process implemented within your organization, it has at least made it such that CSM is no longer a further hindrance.

One size does not fit all with ITSM tools, and being able to do the same things several ways suggests to me that Cherwell is more about fitting the tool around the people and process than vice versa.

Approvals

As mentioned with Tasks, Approvers can either be individuals, teams or expression-based, and time limits can be set with approvals being able to be sent via e-mail or by logging into the tool (including on mobile devices).

The approval matrix can be set to a straight Yes/No response or a percentage response option giving approvers the ability to accept, decline or abstain the request.

Depending on your personal set up, approvals can go to backup approvers or auto decline etc. In the event that there is no response by the end of the time specified.  Using workflow in CSM approvals provides infinite possibilities with even the most complicated approval process feasible.

All requested approvals are stored in the database and can be viewed via a report on the dashboard.

In Summary

Unless you are an organisation with advanced or complex release management requirements, we highly recommend that you consider Cherwell Service Management as your tool of choice.

In Their Own Words:

Cherwell Software is one of the fastest growing IT service management software providers. It began with simple goals: to make service desk software it would want to use and to do business honestly, putting customers first. Cherwell Software is passionate about customer care and is dedicated to creating “innovative technology built upon yesterday values.”

The company has  corporate headquarters in Colorado Springs, CO, U.S.A. and EMEA headquarters in Swindon,  U.K. A global team of dedicated employees and expert partners who appreciate the technology – but love customers – serve in North America, South America, Asia and Australia. Cherwell Software  received the 2013 SDI Best Vendor for Customer Service  award.

Cherwell’s flagship product, Cherwell Service Management®, delivers an innovative, award-winning and holistic approach to service management, allowing IT and support departments to align with organisation strategy and to deliver maximum IT business value.  Cherwell Service Management is the affordable, easy-to-use, ITSM suite with maximum portability. With Cherwell ChoiceTM concurrent licensing and flexible hosting model, you can choose what works best for your business — SaaS or purchase, and hosted on-premises, hosted by Cherwell or hosted by a third party.

Screenshots

This independent review is part of our Change, Configuration and Release Review.

Review: Axios for Change, Configuration and Release

PrintAxios

This independent review is part of our Change, Configuration and Release Review.

Executive Summary

Elevator Pitch Axios assyst is a solid, mature and well-rounded tool marketed towards organisation with 1,000+ end users.The functionality and design of assyst provides the ability to manage both simple and complex workflow processes to support the management of change and request.Available both as a SaaS solution and on premise – with concurrent and named licenses – assyst provides a flexible model to fit around your business.
Strengths
  • Relationships between configuration items, services and users are clearly displayed via a visual impact explorer
  • Drag and drop calendar functionality
  • Easy to collaborate on changes etc., reducing the need for the use of external software
Weaknesses
  • Requires experience and an increased investment in time to implement release management if your existing process is complex
Primary Market Focus Based on the information provided Axios assyst is exclusively used by large to very large organisations (circa 1000+ users)

Commercial Summary

Vendor Axios
Product assyst
Version reviewed V10.4
Date of version Release January 2014
Year Founded 1998
Customers 1,000+
Pricing Structure Available both as a SaaS solution and on premise, with concurrent and named licenses
Competitive Differentiators
  • All ITSM process integrated into one app – non-modular
  • Visual Impact Explorer provides clear graphical views of infrastructure and relevant relationships
  • Drag and drop change/release process design

Independent Review

Axios assyst (hereafter referred to as “assyst”) is an extremely mature and well-rounded tool, which covers the larger end of the ITSM market, i.e. 1,000+ users.  Requiring no development or programming know-how, users of assyst are able to use the templates and workflows to tailor the system to their organisational needs with minimal training.

Axios boasts that it has 18+ years experience of service management experience in the wider business, not just in IT, and as a result is in a better position to cater to the expanding market of Enterprise Service Management.  However, although I would agree that assyst is capable of catering to this market, I feel that the look and feel would be less conducive to the wider business than in some of the other tools featured in this Change, Configuration and Release Review. It is my opinion that assyst currently looks like an IT tool trying to expand into other areas, rather than a tool that can already sufficiently work outside of IT and would benefit from some superficial user experience enhancements to make it less IT department centric

My overall impression of the tool is that assyst would be suitable for large (1,000 – 9,999 users) to very large organisations (10,000+ users) with moderate to mature change processes in place.  Release will take these organisations additional time and manpower to configure due to the need to modify change to resemble your release process, however, provided that this is not too complex, this should be fairly painless and relatively straight forward to implement.

If you are looking for a solid tool that interacts well with other processes (such as Incident and Problem Management), and gives a clear graphical view of your infrastructure for risk assessment, then provided that you are part of an organisation with 1,000+ users, I believe that assyst would be a strong candidate for your consideration.  Whilst assyst could certainly be considered by smaller organisations, I feel that cost may be prohibitive.

General

assyst performs release via the change area of the tool.  A change form can be used to record the release details and is categorised as a ‘Major Release’ or ‘Minor Release’, with these categories being fully customisable.

assyst contains a number of standard release processes that can be easily modified, together with a set of common stages, such as approval escalation based on monetary thresholds, which can be used to rapidly build custom release processes (Stage Library).  If your release process is uncomplicated then implementation of this mechanism should be fairly straightforward.

Forms within assyst are dynamic, which means that dependent upon which fields are selected, other areas will appear or disappear, thus tailoring the experience and making it easier to gain exactly the information you require.  I believe this advancement will make for a more positive interaction for the self-service customer.

Change

assyst comes with a number of standard release processes that can be easily modified to suit an organisation’s individual needs.  These can be configured to provide analysts with the ability to select Change/Release templates, including pre-approved, from a pre-defined list.

assyst features a “visual impact explorer”, which provides clear graphical views (i.e., service-oriented, hierarchic, impacted users and peer-to-peer) of the infrastructure.  Clicking on an item, i.e. a server, will change the view to show all the relationships that will be affected by a change.  This is one particular feature that I can see being especially useful for organisations with complicated infrastructure, and use of it should greatly reduce the time spent on risk assessment.

As you would expect all Changes logged require a Category, an Impact / Urgency and a Service Department to be assigned to it for resolution.  Dependent upon the configuration of the change template and fields completed, the risk is calculated and set as either minor, major, or significant, and the proper Workflow is then initiated to match the risk level calculated.

The link types are fully configurable enabling customers to rename with terminology appropriate to their organisation and is particularly useful for widening the use of the tool into Enterprise Service Management and shows that the expanded use of the tool has been taken into consideration by Axios.

Pre-approved Change/Release templates are available for selection from a pre-defined list.  The template and workflow associated can be fully customized using the visual Process Manager.  Dependent upon set up, the Workflow Processor will automatically route the request to the appropriate staff for the relevant authorization, decision and fulfillment tasks to be completed.

Configuration

assyst provides functionality to design and manage both simple and complex workflow processes to support the management of change and request. A workflow process is constructed from a series of stages, which are in turn constructed from a series of Tasks that can comprise of actions to be taken, authorizations and decisions.

Tasks are assigned dynamically based on information held within the CMDB by setting “Task Expressions”, and as a result authorisation can be advanced to a more senior employee if the cost of the change is above a certain threshold value.  The workflow engine manages the control of this process and is capable of handling multiple threads simultaneously.  This means that for standard requests, such as new starters, where several change requests could require processing, they can be run concurrently saving valuable time.

assyst allows each user to customise their view of the system which means that Dashboards and Reports can be tailored individually, permission allowing.

Calendar    

The change calendar is able to detect conflicts on a number of levels including blackout periods, maintenance windows or instances where more than one change is planned against the same item or system/service at the same time.

Changes can be dragged/right clicked to move to a more appropriate time, such as within a maintenance window.  Drag and drop functionality within the change calendar is extremely useful and something that I hope more vendors incorporate within their change management tool.

Approvals

As with the rest of the tool, change management security is based on group and role permissions, access to which is dynamically allocated based on operation process roles set by the customer. assyst allows for the creation of multiple groups, for example CAB’s, and users can be associated to any number of these groups.

Individuals and groups can be assigned tasks within a change, due to assyst’s workflow capabilities, and the workflow process can be configured by the customer to include multiple stages and tasks. These can include any number of authorisations, approvals and decision stages, which can dynamically alter the flow of the process.

assyst is another tool that is applying collaboration within the solution, and change is certainly an area that can benefit from keeping communication in one place. Groups of users can create an online CAB meeting from the Change and invite other members to review changes, post comments and approvals without requiring tasks to be assigned to individuals.  I can see this being a well-used area especially with dispersed teams and CAB’s.

In Summary

assyst offers solid change, configuration and release functionality with strong risk assessment capabilities. I therefore believe that it is a good offering for both large and enterprise organisations with moderate to mature change processes in place.

In Their Own Words:

Axios was formed in 1988 with one single objective in mind – to deliver software that better enables Strategic IT Service Management (ITSM) initiatives for the professionals that deliver world-class IT services within their organizations daily.

With over 2 decades immersed in ITSM routed in ITIL and R&D investment in our software, we believe that we offer customers an unrivaled combination of product functionality, depth of understanding of ITSM and the ability to execute delivery of ITSM initiatives with customers with a world class Global Services organization. Our long-standing involvement also means that as ITIL has evolved, our solution has evolved and matured, allowing us to better support and enable organizations navigate the complexities of practical implementation of best practice to strategic, value driven ITSM.

The assyst product has been developed from inception as an ‘out of the box’ IT Service Management (ITSM) solution, fully compliant with the recognised PinkVERIFY / ITIL and BS15000 (now ISO 20000) philosophies for Service Management Best Practice.

assyst fully supports both ITIL V2 and ITIL V3. assyst is currently used by a number of customers to support IT governance initiatives (such as Sarbanes Oxley).

Screenshots

This independent review is part of our Change, Configuration and Release Review.